marcel/argo-cd
1
0
Fork 0
mirror of https://github.com/argoproj/argo-cd.git synced 2026-02-20 01:28:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
5345a2aa22e2eb1e317abb87d066ab95c97971d4
argo-cd/pkg/apis/application/v1alpha1/generated.proto
Matthieu MOREL 5345a2aa22 chore: update golangci-lint to v2.8.0 (#26354) 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
2026-02-10 16:11:02 +05:30

2796 lines
104 KiB
Protocol Buffer
Raw Blame History

// This file was autogenerated by go-to-protobuf. Do not edit it manually!
syntax = "proto2";
package github.com.argoproj.argo_cd.v3.pkg.apis.application.v1alpha1;
import "k8s.io/api/core/v1/generated.proto";
import "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/generated.proto";
import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/generated.proto";
import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";
import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1";
// AWSAuthConfig is an AWS IAM authentication configuration
message AWSAuthConfig {
// ClusterName contains AWS cluster name
optional string clusterName = 1;
// RoleARN contains optional role ARN. If set then AWS IAM Authenticator assume a role to perform cluster operations instead of the default AWS credential provider chain.
optional string roleARN = 2;
// Profile contains optional role ARN. If set then AWS IAM Authenticator uses the profile to perform cluster operations instead of the default AWS credential provider chain.
optional string profile = 3;
}
// AppHealthStatus contains information about the currently observed health state of an application
message AppHealthStatus {
// Status holds the status code of the application
optional string status = 1;
// Message is a human-readable informational message describing the health status
//
// Deprecated: this field is not used and will be removed in a future release.
optional string message = 2;
// LastTransitionTime is the time the HealthStatus was set or updated
optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3;
}
// AppProject provides a logical grouping of applications, providing controls for:
// * where the apps may deploy to (cluster whitelist)
// * what may be deployed (repository whitelist, resource whitelist/blacklist)
// * who can access these applications (roles, OIDC group claims bindings)
// * and what they can do (RBAC policies)
// * automation access to these roles (JWT tokens)
// +genclient
// +genclient:noStatus
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:path=appprojects,shortName=appproj;appprojs
message AppProject {
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
optional AppProjectSpec spec = 2;
optional AppProjectStatus status = 3;
}
// AppProjectList is list of AppProject resources
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
message AppProjectList {
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
repeated AppProject items = 2;
}
// AppProjectSpec is the specification of an AppProject
message AppProjectSpec {
// SourceRepos contains list of repository URLs which can be used for deployment
repeated string sourceRepos = 1;
// Destinations contains list of destinations available for deployment
repeated ApplicationDestination destinations = 2;
// Description contains optional project description
// +kubebuilder:validation:MaxLength=255
optional string description = 3;
// Roles are user defined RBAC roles associated with this project
repeated ProjectRole roles = 4;
// ClusterResourceWhitelist contains list of whitelisted cluster level resources
repeated ClusterResourceRestrictionItem clusterResourceWhitelist = 5;
// NamespaceResourceBlacklist contains list of blacklisted namespace level resources
repeated .k8s.io.apimachinery.pkg.apis.meta.v1.GroupKind namespaceResourceBlacklist = 6;
// OrphanedResources specifies if controller should monitor orphaned resources of apps in this project
optional OrphanedResourcesMonitorSettings orphanedResources = 7;
// SyncWindows controls when syncs can be run for apps in this project
repeated SyncWindow syncWindows = 8;
// NamespaceResourceWhitelist contains list of whitelisted namespace level resources
repeated .k8s.io.apimachinery.pkg.apis.meta.v1.GroupKind namespaceResourceWhitelist = 9;
// SignatureKeys contains a list of PGP key IDs that commits in Git must be signed with in order to be allowed for sync
repeated SignatureKey signatureKeys = 10;
// ClusterResourceBlacklist contains list of blacklisted cluster level resources
repeated ClusterResourceRestrictionItem clusterResourceBlacklist = 11;
// SourceNamespaces defines the namespaces application resources are allowed to be created in
repeated string sourceNamespaces = 12;
// PermitOnlyProjectScopedClusters determines whether destinations can only reference clusters which are project-scoped
optional bool permitOnlyProjectScopedClusters = 13;
// DestinationServiceAccounts holds information about the service accounts to be impersonated for the application sync operation for each destination.
repeated ApplicationDestinationServiceAccount destinationServiceAccounts = 14;
}
// AppProjectStatus contains status information for AppProject CRs
message AppProjectStatus {
// JWTTokensByRole contains a list of JWT tokens issued for a given role
map<string, JWTTokens> jwtTokensByRole = 1;
}
// Application is a definition of Application resource.
// +genclient
// +genclient:noStatus
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:path=applications,shortName=app;apps
// +kubebuilder:printcolumn:name="Sync Status",type=string,JSONPath=`.status.sync.status`
// +kubebuilder:printcolumn:name="Health Status",type=string,JSONPath=`.status.health.status`
// +kubebuilder:printcolumn:name="Revision",type=string,JSONPath=`.status.sync.revision`,priority=10
// +kubebuilder:printcolumn:name="Project",type=string,JSONPath=`.spec.project`,priority=10
message Application {
// Common: shared with ApplicationSet
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Common: shared with ApplicationSet
optional ApplicationSpec spec = 2;
// Common: shared with ApplicationSet (different type)
optional ApplicationStatus status = 3;
// Common: shared with ApplicationSet (different type)
optional Operation operation = 4;
}
// ApplicationCondition contains details about an application condition, which is usually an error or warning
message ApplicationCondition {
// Type is an application condition type
optional string type = 1;
// Message contains human-readable message indicating details about condition
optional string message = 2;
// LastTransitionTime is the time the condition was last observed
optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3;
}
// ApplicationDestination holds information about the application's destination
message ApplicationDestination {
// Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set.
optional string server = 1;
// Namespace specifies the target namespace for the application's resources.
// The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
optional string namespace = 2;
// Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set.
optional string name = 3;
}
// ApplicationDestinationServiceAccount holds information about the service account to be impersonated for the application sync operation.
message ApplicationDestinationServiceAccount {
// Server specifies the URL of the target cluster's Kubernetes control plane API.
optional string server = 1;
// Namespace specifies the target namespace for the application's resources.
optional string namespace = 2;
// DefaultServiceAccount to be used for impersonation during the sync operation
optional string defaultServiceAccount = 3;
}
// ApplicationList is list of Application resources
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
message ApplicationList {
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
repeated Application items = 2;
}
message ApplicationMatchExpression {
optional string key = 1;
optional string operator = 2;
repeated string values = 3;
}
message ApplicationPreservedFields {
repeated string annotations = 1;
repeated string labels = 2;
}
// ApplicationSet is a set of Application resources.
// +genclient
// +genclient:noStatus
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:path=applicationsets,shortName=appset;appsets
// +kubebuilder:subresource:status
message ApplicationSet {
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;
// Common: shared with Application
optional ApplicationSetSpec spec = 2;
// Common: shared with Application (different type)
optional ApplicationSetStatus status = 3;
}
// ApplicationSetApplicationStatus contains details about each Application managed by the ApplicationSet
message ApplicationSetApplicationStatus {
// Application contains the name of the Application resource
optional string application = 1;
// LastTransitionTime is the time the status was last updated
optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 2;
// Message contains human-readable message indicating details about the status
optional string message = 3;
// Status contains the AppSet's perceived status of the managed Application resource
optional string status = 4;
// Step tracks which step this Application should be updated in
optional string step = 5;
// TargetRevision tracks the desired revisions the Application should be synced to.
repeated string targetrevisions = 6;
}
// ApplicationSetCondition contains details about an applicationset condition, which is usually an error or warning
message ApplicationSetCondition {
// Type is an applicationset condition type
optional string type = 1;
// Message contains human-readable message indicating details about condition
optional string message = 2;
// LastTransitionTime is the time the condition was last observed
optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3;
// True/False/Unknown
optional string status = 4;
// Single word camelcase representing the reason for the status eg ErrorOccurred
optional string reason = 5;
}
// ApplicationSetGenerator represents a generator at the top level of an ApplicationSet.
message ApplicationSetGenerator {
optional ListGenerator list = 1;
optional ClusterGenerator clusters = 2;
optional GitGenerator git = 3;
optional SCMProviderGenerator scmProvider = 4;
optional DuckTypeGenerator clusterDecisionResource = 5;
optional PullRequestGenerator pullRequest = 6;
optional MatrixGenerator matrix = 7;
optional MergeGenerator merge = 8;
// Selector allows to post-filter all generator.
optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 9;
optional PluginGenerator plugin = 10;
}
// ApplicationSetList contains a list of ApplicationSet
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:object:root=true
message ApplicationSetList {
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
repeated ApplicationSet items = 2;
}
// ApplicationSetNestedGenerator represents a generator nested within a combination-type generator (MatrixGenerator or
// MergeGenerator).
message ApplicationSetNestedGenerator {
optional ListGenerator list = 1;
optional ClusterGenerator clusters = 2;
optional GitGenerator git = 3;
optional SCMProviderGenerator scmProvider = 4;
optional DuckTypeGenerator clusterDecisionResource = 5;
optional PullRequestGenerator pullRequest = 6;
// Matrix should have the form of NestedMatrixGenerator
optional .k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSON matrix = 7;
// Merge should have the form of NestedMergeGenerator
optional .k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSON merge = 8;
// Selector allows to post-filter all generator.
optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 9;
optional PluginGenerator plugin = 10;
}
// ApplicationSetResourceIgnoreDifferences configures how the ApplicationSet controller will ignore differences in live
// applications when applying changes from generated applications.
message ApplicationSetResourceIgnoreDifferences {
// Name is the name of the application to ignore differences for. If not specified, the rule applies to all applications.
optional string name = 1;
// JSONPointers is a list of JSON pointers to fields to ignore differences for.
repeated string jsonPointers = 2;
// JQPathExpressions is a list of JQ path expressions to fields to ignore differences for.
repeated string jqPathExpressions = 3;
}
message ApplicationSetRolloutStep {
repeated ApplicationMatchExpression matchExpressions = 1;
optional .k8s.io.apimachinery.pkg.util.intstr.IntOrString maxUpdate = 2;
}
message ApplicationSetRolloutStrategy {
repeated ApplicationSetRolloutStep steps = 1;
}
// ApplicationSetSpec represents a class of application set state.
message ApplicationSetSpec {
optional bool goTemplate = 1;
repeated ApplicationSetGenerator generators = 2;
optional ApplicationSetTemplate template = 3;
optional ApplicationSetSyncPolicy syncPolicy = 4;
optional ApplicationSetStrategy strategy = 5;
optional ApplicationPreservedFields preservedFields = 6;
repeated string goTemplateOptions = 7;
// ApplyNestedSelectors enables selectors defined within the generators of two level-nested matrix or merge generators.
//
// Deprecated: This field is ignored, and the behavior is always enabled. The field will be removed in a future
// version of the ApplicationSet CRD.
optional bool applyNestedSelectors = 8;
repeated ApplicationSetResourceIgnoreDifferences ignoreApplicationDifferences = 9;
optional string templatePatch = 10;
}
// ApplicationSetStatus defines the observed state of ApplicationSet
message ApplicationSetStatus {
// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
// Important: Run "make" to regenerate code after modifying this file
repeated ApplicationSetCondition conditions = 1;
repeated ApplicationSetApplicationStatus applicationStatus = 2;
// Resources is a list of Applications resources managed by this application set.
repeated ResourceStatus resources = 3;
// ResourcesCount is the total number of resources managed by this application set. The count may be higher than actual number of items in the Resources field when
// the number of managed resources exceeds the limit imposed by the controller (to avoid making the status field too large).
optional int64 resourcesCount = 4;
// Health contains information about the applicationset's current health status based on the applicationset conditions
optional HealthStatus health = 5;
}
// ApplicationSetStrategy configures how generated Applications are updated in sequence.
message ApplicationSetStrategy {
optional string type = 1;
optional ApplicationSetRolloutStrategy rollingSync = 2;
// DeletionOrder allows specifying the order for deleting generated apps when progressive sync is enabled.
// accepts values "AllAtOnce" and "Reverse"
optional string deletionOrder = 3;
}
// ApplicationSetSyncPolicy configures how generated Applications will relate to their
// ApplicationSet.
message ApplicationSetSyncPolicy {
// PreserveResourcesOnDeletion will preserve resources on deletion. If PreserveResourcesOnDeletion is set to true, these Applications will not be deleted.
optional bool preserveResourcesOnDeletion = 1;
// ApplicationsSync represents the policy applied on the generated applications. Possible values are create-only, create-update, create-delete, sync
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=create-only;create-update;create-delete;sync
optional string applicationsSync = 2;
}
// ApplicationSetTemplate represents argocd ApplicationSpec
message ApplicationSetTemplate {
optional ApplicationSetTemplateMeta metadata = 1;
optional ApplicationSpec spec = 2;
}
// ApplicationSetTemplateMeta represents the Argo CD application fields that may
// be used for Applications generated from the ApplicationSet (based on metav1.ObjectMeta)
message ApplicationSetTemplateMeta {
optional string name = 1;
optional string namespace = 2;
map<string, string> labels = 3;
map<string, string> annotations = 4;
repeated string finalizers = 5;
}
// ApplicationSetTerminalGenerator represents a generator nested within a nested generator (for example, a list within
// a merge within a matrix). A generator at this level may not be a combination-type generator (MatrixGenerator or
// MergeGenerator). ApplicationSet enforces this nesting depth limit because CRDs do not support recursive types.
// https://github.com/kubernetes-sigs/controller-tools/issues/477
message ApplicationSetTerminalGenerator {
optional ListGenerator list = 1;
optional ClusterGenerator clusters = 2;
optional GitGenerator git = 3;
optional SCMProviderGenerator scmProvider = 4;
optional DuckTypeGenerator clusterDecisionResource = 5;
optional PullRequestGenerator pullRequest = 6;
optional PluginGenerator plugin = 7;
// Selector allows to post-filter all generator.
optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 8;
}
// ApplicationSetTree holds nodes which belongs to the application
// Used to build a tree of an ApplicationSet and its children
message ApplicationSetTree {
// Nodes contains list of nodes which are directly managed by the applicationset
repeated ResourceNode nodes = 1;
}
// ApplicationSource contains all required information about the source of an application
message ApplicationSource {
// RepoURL is the URL to the repository (Git or Helm) that contains the application manifests
optional string repoURL = 1;
// Path is a directory path within the Git repository, and is only valid for applications sourced from Git.
optional string path = 2;
// TargetRevision defines the revision of the source to sync the application to.
// In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.
// In case of Helm, this is a semver tag for the Chart's version.
optional string targetRevision = 4;
// Helm holds helm specific options
optional ApplicationSourceHelm helm = 7;
// Kustomize holds kustomize specific options
optional ApplicationSourceKustomize kustomize = 8;
// Directory holds path/directory specific options
optional ApplicationSourceDirectory directory = 10;
// Plugin holds config management plugin specific options
optional ApplicationSourcePlugin plugin = 11;
// Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.
optional string chart = 12;
// Ref is reference to another source within sources field. This field will not be used if used with a `source` tag.
optional string ref = 13;
// Name is used to refer to a source and is displayed in the UI. It is used in multi-source Applications.
optional string name = 14;
}
// ApplicationSourceDirectory holds options for applications of type plain YAML or Jsonnet
message ApplicationSourceDirectory {
// Recurse specifies whether to scan a directory recursively for manifests
optional bool recurse = 1;
// Jsonnet holds options specific to Jsonnet
optional ApplicationSourceJsonnet jsonnet = 2;
// Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation
optional string exclude = 3;
// Include contains a glob pattern to match paths against that should be explicitly included during manifest generation
optional string include = 4;
}
// ApplicationSourceHelm holds helm specific options
message ApplicationSourceHelm {
// ValuesFiles is a list of Helm value files to use when generating a template
repeated string valueFiles = 1;
// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation
repeated HelmParameter parameters = 2;
// ReleaseName is the Helm release name to use. If omitted it will use the application name
optional string releaseName = 3;
// Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.
// +patchStrategy=replace
optional string values = 4;
// FileParameters are file parameters to the helm template
repeated HelmFileParameter fileParameters = 5;
// Version is the Helm version to use for templating ("3")
optional string version = 6;
// PassCredentials pass credentials to all domains (Helm's --pass-credentials)
optional bool passCredentials = 7;
// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values
optional bool ignoreMissingValueFiles = 8;
// SkipCrds skips custom resource definition installation step (Helm's --skip-crds)
optional bool skipCrds = 9;
// ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.
// +kubebuilder:pruning:PreserveUnknownFields
optional .k8s.io.apimachinery.pkg.runtime.RawExtension valuesObject = 10;
// Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace.
optional string namespace = 11;
// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
// uses the Kubernetes version of the target cluster.
optional string kubeVersion = 12;
// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
repeated string apiVersions = 13;
// SkipTests skips test manifest installation step (Helm's --skip-tests).
optional bool skipTests = 14;
// SkipSchemaValidation skips JSON schema validation (Helm's --skip-schema-validation)
optional bool skipSchemaValidation = 15;
}
// ApplicationSourceJsonnet holds options specific to applications of type Jsonnet
message ApplicationSourceJsonnet {
// ExtVars is a list of Jsonnet External Variables
repeated JsonnetVar extVars = 1;
// TLAS is a list of Jsonnet Top-level Arguments
repeated JsonnetVar tlas = 2;
// Additional library search dirs
repeated string libs = 3;
}
// ApplicationSourceKustomize holds options specific to an Application source specific to Kustomize
message ApplicationSourceKustomize {
// NamePrefix is a prefix appended to resources for Kustomize apps
optional string namePrefix = 1;
// NameSuffix is a suffix appended to resources for Kustomize apps
optional string nameSuffix = 2;
// Images is a list of Kustomize image override specifications
repeated string images = 3;
// CommonLabels is a list of additional labels to add to rendered manifests
map<string, string> commonLabels = 4;
// Version controls which version of Kustomize to use for rendering manifests
optional string version = 5;
// CommonAnnotations is a list of additional annotations to add to rendered manifests
map<string, string> commonAnnotations = 6;
// ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps
optional bool forceCommonLabels = 7;
// ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps
optional bool forceCommonAnnotations = 8;
// Namespace sets the namespace that Kustomize adds to all resources
optional string namespace = 9;
// CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values
optional bool commonAnnotationsEnvsubst = 10;
// Replicas is a list of Kustomize Replicas override specifications
repeated KustomizeReplica replicas = 11;
// Patches is a list of Kustomize patches
repeated KustomizePatch patches = 12;
// Components specifies a list of kustomize components to add to the kustomization before building
repeated string components = 13;
// IgnoreMissingComponents prevents kustomize from failing when components do not exist locally by not appending them to kustomization file
optional bool ignoreMissingComponents = 17;
// LabelWithoutSelector specifies whether to apply common labels to resource selectors or not
optional bool labelWithoutSelector = 14;
// KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD
// uses the Kubernetes version of the target cluster.
optional string kubeVersion = 15;
// APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,
// Argo CD uses the API versions of the target cluster. The format is [group/]version/kind.
repeated string apiVersions = 16;
// LabelIncludeTemplates specifies whether to apply common labels to resource templates or not
optional bool labelIncludeTemplates = 18;
}
// ApplicationSourcePlugin holds options specific to config management plugins
message ApplicationSourcePlugin {
optional string name = 1;
repeated EnvEntry env = 2;
repeated ApplicationSourcePluginParameter parameters = 3;
}
message ApplicationSourcePluginParameter {
// Name is the name identifying a parameter.
optional string name = 1;
// String_ is the value of a string type parameter.
optional string string = 5;
// Map is the value of a map type parameter.
optional OptionalMap map = 3;
// Array is the value of an array type parameter.
optional OptionalArray array = 4;
}
// ApplicationSpec represents desired application state. Contains link to repository with application definition and additional parameters link definition revision.
message ApplicationSpec {
// Source is a reference to the location of the application's manifests or chart
optional ApplicationSource source = 1;
// Destination is a reference to the target Kubernetes server and namespace
optional ApplicationDestination destination = 2;
// Project is a reference to the project this application belongs to.
// The empty string means that application belongs to the 'default' project.
optional string project = 3;
// SyncPolicy controls when and how a sync will be performed
optional SyncPolicy syncPolicy = 4;
// IgnoreDifferences is a list of resources and their fields which should be ignored during comparison
repeated ResourceIgnoreDifferences ignoreDifferences = 5;
// Info contains a list of information (URLs, email addresses, and plain text) that relates to the application
repeated Info info = 6;
// RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions.
// This should only be changed in exceptional circumstances.
// Setting to zero will store no history. This will reduce storage used.
// Increasing will increase the space used to store the history, so we do not recommend increasing it.
// Default is 10.
optional int64 revisionHistoryLimit = 7;
// Sources is a reference to the location of the application's manifests or chart
repeated ApplicationSource sources = 8;
// SourceHydrator provides a way to push hydrated manifests back to git before syncing them to the cluster.
optional SourceHydrator sourceHydrator = 9;
}
// ApplicationStatus contains status information for the application
message ApplicationStatus {
// Resources is a list of Kubernetes resources managed by this application
repeated ResourceStatus resources = 1;
// Sync contains information about the application's current sync status
optional SyncStatus sync = 2;
// Health contains information about the application's current health status
optional AppHealthStatus health = 3;
// History contains information about the application's sync history
repeated RevisionHistory history = 4;
// Conditions is a list of currently observed application conditions
repeated ApplicationCondition conditions = 5;
// ReconciledAt indicates when the application state was reconciled using the latest git version
optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time reconciledAt = 6;
// OperationState contains information about any ongoing operations, such as a sync
optional OperationState operationState = 7;
// ObservedAt indicates when the application state was updated without querying latest git state
//
// Deprecated: controller no longer updates ObservedAt field
optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time observedAt = 8;
// SourceType specifies the type of this application
optional string sourceType = 9;
// Summary contains a list of URLs and container images used by this application
optional ApplicationSummary summary = 10;
// ResourceHealthSource indicates where the resource health status is stored: inline if not set or appTree
optional string resourceHealthSource = 11;
// SourceTypes specifies the type of the sources included in the application
repeated string sourceTypes = 12;
// ControllerNamespace indicates the namespace in which the application controller is located
optional string controllerNamespace = 13;
// SourceHydrator stores information about the current state of source hydration
optional SourceHydratorStatus sourceHydrator = 14;
}
// ApplicationSummary contains information about URLs and container images used by an application
message ApplicationSummary {
// ExternalURLs holds all external URLs of application child resources.
repeated string externalURLs = 1;
// Images holds all images of application child resources.
repeated string images = 2;
}
// ApplicationTree represents the hierarchical structure of resources associated with an Argo CD application.
message ApplicationTree {
// Nodes contains a list of resources that are either directly managed by the application
// or are children of directly managed resources.
repeated ResourceNode nodes = 1;
// OrphanedNodes contains resources that exist in the same namespace as the application
// but are not managed by it. This list is populated only if orphaned resource tracking
// is enabled in the application's project settings.
repeated ResourceNode orphanedNodes = 2;
// Hosts provides a list of Kubernetes nodes that are running pods related to the application.
repeated HostInfo hosts = 3;
// ShardsCount represents the total number of shards the application tree is split into.
// This is used to distribute resource processing across multiple shards.
optional int64 shardsCount = 4;
}
// ApplicationWatchEvent contains information about application change.
message ApplicationWatchEvent {
optional string type = 1;
// Application is:
// * If Type is Added or Modified: the new state of the object.
// * If Type is Deleted: the state of the object immediately before deletion.
// * If Type is Error: *api.Status is recommended; other types may make sense
// depending on context.
optional Application application = 2;
}
// Backoff is the backoff strategy to use on subsequent retries for failing syncs
message Backoff {
// Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h")
optional string duration = 1;
// Factor is a factor to multiply the base duration after each failed retry
optional int64 factor = 2;
// MaxDuration is the maximum amount of time allowed for the backoff strategy
optional string maxDuration = 3;
}
// BasicAuthBitbucketServer defines the username/(password or personal access token) for Basic auth.
message BasicAuthBitbucketServer {
// Username for Basic auth
optional string username = 1;
// Password (or personal access token) reference.
optional SecretRef passwordRef = 2;
}
// BearerTokenBitbucket defines the Bearer token for BitBucket AppToken auth.
message BearerTokenBitbucket {
// Password (or personal access token) reference.
optional SecretRef tokenRef = 1;
}
// BearerTokenBitbucketCloud defines the Bearer token for BitBucket AppToken auth.
message BearerTokenBitbucketCloud {
// Password (or personal access token) reference.
optional SecretRef tokenRef = 1;
}
// ChartDetails contains helm chart metadata for a specific version
message ChartDetails {
optional string description = 1;
// The URL of this projects home page, e.g. "http://example.com"
optional string home = 2;
// List of maintainer details, name and email, e.g. ["John Doe <john_doe@my-company.com>"]
repeated string maintainers = 3;
}
// Cluster is the definition of a cluster resource
message Cluster {
// Server is the API server URL of the Kubernetes cluster
optional string server = 1;
// Name of the cluster. If omitted, will use the server address
optional string name = 2;
// Config holds cluster information for connecting to a cluster
optional ClusterConfig config = 3;
// Deprecated: use Info.ConnectionState field instead.
// ConnectionState contains information about cluster connection state
optional ConnectionState connectionState = 4;
// Deprecated: use Info.ServerVersion field instead.
// The server version
optional string serverVersion = 5;
// Holds list of namespaces which are accessible in that cluster. Cluster level resources will be ignored if namespace list is not empty.
repeated string namespaces = 6;
// RefreshRequestedAt holds time when cluster cache refresh has been requested
optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time refreshRequestedAt = 7;
// Info holds information about cluster cache and state
optional ClusterInfo info = 8;
// Shard contains optional shard number. Calculated on the fly by the application controller if not specified.
optional int64 shard = 9;
// Indicates if cluster level resources should be managed. This setting is used only if cluster is connected in a namespaced mode.
optional bool clusterResources = 10;
// Reference between project and cluster that allow you automatically to be added as item inside Destinations project entity
optional string project = 11;
// Labels for cluster secret metadata
map<string, string> labels = 12;
// Annotations for cluster secret metadata
map<string, string> annotations = 13;
}
// ClusterCacheInfo contains information about the cluster cache
message ClusterCacheInfo {
// ResourcesCount holds number of observed Kubernetes resources
optional int64 resourcesCount = 1;
// APIsCount holds number of observed Kubernetes API count
optional int64 apisCount = 2;
// LastCacheSyncTime holds time of most recent cache synchronization
optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastCacheSyncTime = 3;
}
// ClusterConfig is the configuration attributes. This structure is subset of the go-client
// rest.Config with annotations added for marshalling.
message ClusterConfig {
// Server requires Basic authentication
optional string username = 1;
optional string password = 2;
// Server requires Bearer authentication. This client will not attempt to use
// refresh tokens for an OAuth2 flow.
// TODO: demonstrate an OAuth2 compatible client.
optional string bearerToken = 3;
// TLSClientConfig contains settings to enable transport layer security
optional TLSClientConfig tlsClientConfig = 4;
// AWSAuthConfig contains IAM authentication configuration
optional AWSAuthConfig awsAuthConfig = 5;
// ExecProviderConfig contains configuration for an exec provider
optional ExecProviderConfig execProviderConfig = 6;
// DisableCompression bypasses automatic GZip compression requests to the server.
optional bool disableCompression = 7;
// ProxyURL is the URL to the proxy to be used for all requests send to the server
optional string proxyUrl = 8;
}
// ClusterGenerator defines a generator to match against clusters registered with ArgoCD.
message ClusterGenerator {
// Selector defines a label selector to match against all clusters registered with ArgoCD.
// Clusters today are stored as Kubernetes Secrets, thus the Secret labels will be used
// for matching the selector.
optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 1;
optional ApplicationSetTemplate template = 2;
// Values contains key/value pairs which are passed directly as parameters to the template
map<string, string> values = 3;
// returns the clusters a single 'clusters' value in the template
optional bool flatList = 4;
}
// ClusterInfo contains information about the cluster
message ClusterInfo {
// ConnectionState contains information about the connection to the cluster
optional ConnectionState connectionState = 1;
// ServerVersion contains information about the Kubernetes version of the cluster
optional string serverVersion = 2;
// CacheInfo contains information about the cluster cache
optional ClusterCacheInfo cacheInfo = 3;
// ApplicationsCount is the number of applications managed by Argo CD on the cluster
optional int64 applicationsCount = 4;
// APIVersions contains list of API versions supported by the cluster
repeated string apiVersions = 5;
}
// ClusterList is a collection of Clusters.
message ClusterList {
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
repeated Cluster items = 2;
}
// ClusterResourceRestrictionItem is a cluster resource that is restricted by the project's whitelist or blacklist
message ClusterResourceRestrictionItem {
optional string group = 1;
optional string kind = 2;
// Name is the name of the restricted resource. Glob patterns using Go's filepath.Match syntax are supported.
// Unlike the group and kind fields, if no name is specified, all resources of the specified group/kind are matched.
optional string name = 3;
}
// Command holds binary path and arguments list
message Command {
repeated string command = 1;
repeated string args = 2;
}
// CommitMetadata contains metadata about a commit that is related in some way to another commit.
message CommitMetadata {
// Author is the author of the commit, i.e. `git show -s --format=%an <%ae>`.
// Must be formatted according to RFC 5322 (mail.Address.String()).
// Comes from the Argocd-reference-commit-author trailer.
optional string author = 1;
// Date is the date of the commit, formatted as by `git show -s --format=%aI` (RFC 3339).
// It can also be an empty string if the date is unknown.
// Comes from the Argocd-reference-commit-date trailer.
optional string date = 2;
// Subject is the commit message subject line, i.e. `git show -s --format=%s`.
// Comes from the Argocd-reference-commit-subject trailer.
optional string subject = 3;
// Body is the commit message body minus the subject line, i.e. `git show -s --format=%b`.
// Comes from the Argocd-reference-commit-body trailer.
optional string body = 4;
// SHA is the commit hash.
// Comes from the Argocd-reference-commit-sha trailer.
optional string sha = 5;
// RepoURL is the URL of the repository where the commit is located.
// Comes from the Argocd-reference-commit-repourl trailer.
// This value is not validated and should not be used to construct UI links unless it is properly
// validated and/or sanitized first.
optional string repoUrl = 6;
}
// ComparedTo contains application source and target which was used for resources comparison
message ComparedTo {
// Source is a reference to the application's source used for comparison
optional ApplicationSource source = 1;
// Destination is a reference to the application's destination used for comparison
optional ApplicationDestination destination = 2;
// Sources is a reference to the application's multiple sources used for comparison
repeated ApplicationSource sources = 3;
// IgnoreDifferences is a reference to the application's ignored differences used for comparison
repeated ResourceIgnoreDifferences ignoreDifferences = 4;
}
// ComponentParameter contains information about component parameter value
message ComponentParameter {
optional string component = 1;
optional string name = 2;
optional string value = 3;
}
// ConfigManagementPlugin contains config management plugin configuration
message ConfigManagementPlugin {
optional string name = 1;
optional Command init = 2;
optional Command generate = 3;
optional bool lockRepo = 4;
}
// ConfigMapKeyRef struct for a reference to a configmap key.
message ConfigMapKeyRef {
optional string configMapName = 1;
optional string key = 2;
}
// ConnectionState contains information about remote resource connection state, currently used for clusters and repositories
message ConnectionState {
// Status contains the current status indicator for the connection
optional string status = 1;
// Message contains human readable information about the connection status
optional string message = 2;
// ModifiedAt contains the timestamp when this connection status has been determined
optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time attemptedAt = 3;
}
// DrySource specifies a location for dry "don't repeat yourself" manifest source information.
message DrySource {
// RepoURL is the URL to the git repository that contains the application manifests
optional string repoURL = 1;
// TargetRevision defines the revision of the source to hydrate
optional string targetRevision = 2;
// Path is a directory path within the Git repository where the manifests are located
optional string path = 3;
// Helm specifies helm specific options
optional ApplicationSourceHelm helm = 4;
// Kustomize specifies kustomize specific options
optional ApplicationSourceKustomize kustomize = 5;
// Directory specifies path/directory specific options
optional ApplicationSourceDirectory directory = 6;
// Plugin specifies config management plugin specific options
optional ApplicationSourcePlugin plugin = 7;
}
// DuckType defines a generator to match against clusters registered with ArgoCD.
message DuckTypeGenerator {
// ConfigMapRef is a ConfigMap with the duck type definitions needed to retrieve the data
// this includes apiVersion(group/version), kind, matchKey and validation settings
// Name is the resource name of the kind, group and version, defined in the ConfigMapRef
// RequeueAfterSeconds is how long before the duckType will be rechecked for a change
optional string configMapRef = 1;
optional string name = 2;
optional int64 requeueAfterSeconds = 3;
optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector labelSelector = 4;
optional ApplicationSetTemplate template = 5;
// Values contains key/value pairs which are passed directly as parameters to the template
map<string, string> values = 6;
}
// EnvEntry represents an entry in the application's environment
message EnvEntry {
// Name is the name of the variable, usually expressed in uppercase
optional string name = 1;
// Value is the value of the variable
optional string value = 2;
}
// ExecProviderConfig is config used to call an external command to perform cluster authentication
// See: https://godoc.org/k8s.io/client-go/tools/clientcmd/api#ExecConfig
message ExecProviderConfig {
// Command to execute
optional string command = 1;
// Arguments to pass to the command when executing it
repeated string args = 2;
// Env defines additional environment variables to expose to the process
map<string, string> env = 3;
// Preferred input version of the ExecInfo
optional string apiVersion = 4;
// This text is shown to the user when the executable doesn't seem to be present
optional string installHint = 5;
}
message GitDirectoryGeneratorItem {
optional string path = 1;
optional bool exclude = 2;
}
message GitFileGeneratorItem {
optional string path = 1;
optional bool exclude = 2;
}
message GitGenerator {
optional string repoURL = 1;
repeated GitDirectoryGeneratorItem directories = 2;
repeated GitFileGeneratorItem files = 3;
optional string revision = 4;
optional int64 requeueAfterSeconds = 5;
optional ApplicationSetTemplate template = 6;
optional string pathParamPrefix = 7;
// Values contains key/value pairs which are passed directly as parameters to the template
map<string, string> values = 8;
}
// GnuPGPublicKey is a representation of a GnuPG public key
message GnuPGPublicKey {
// KeyID specifies the key ID, in hexadecimal string format
optional string keyID = 1;
// Fingerprint is the fingerprint of the key
optional string fingerprint = 2;
// Owner holds the owner identification, e.g. a name and e-mail address
optional string owner = 3;
// Trust holds the level of trust assigned to this key
optional string trust = 4;
// SubType holds the key's subtype (e.g. rsa4096)
optional string subType = 5;
// KeyData holds the raw key data, in base64 encoded format
optional string keyData = 6;
}
// GnuPGPublicKeyList is a collection of GnuPGPublicKey objects
message GnuPGPublicKeyList {
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
repeated GnuPGPublicKey items = 2;
}
// HealthStatus contains information about the currently observed health state of a resource
message HealthStatus {
// Status holds the status code of the resource
optional string status = 1;
// Message is a human-readable informational message describing the health status
optional string message = 2;
// LastTransitionTime is the time the HealthStatus was set or updated
//
// Deprecated: this field is not used and will be removed in a future release.
optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3;
}
// HelmFileParameter is a file parameter that's passed to helm template during manifest generation
message HelmFileParameter {
// Name is the name of the Helm parameter
optional string name = 1;
// Path is the path to the file containing the values for the Helm parameter
optional string path = 2;
}
// HelmOptions holds helm options
message HelmOptions {
repeated string valuesFileSchemes = 1;
}
// HelmParameter is a parameter that's passed to helm template during manifest generation
message HelmParameter {
// Name is the name of the Helm parameter
optional string name = 1;
// Value is the value for the Helm parameter
optional string value = 2;
// ForceString determines whether to tell Helm to interpret booleans and numbers as strings
optional bool forceString = 3;
}
// HostInfo holds metadata and resource usage metrics for a specific host in the cluster.
message HostInfo {
// Name is the hostname or node name in the Kubernetes cluster.
optional string name = 1;
// ResourcesInfo provides a list of resource usage details for different resource types on this host.
repeated HostResourceInfo resourcesInfo = 2;
// SystemInfo contains detailed system-level information about the host, such as OS, kernel version, and architecture.
optional .k8s.io.api.core.v1.NodeSystemInfo systemInfo = 3;
// Labels holds the labels attached to the host.
map<string, string> labels = 4;
}
// HostResourceInfo represents resource usage details for a specific resource type on a host.
message HostResourceInfo {
// ResourceName specifies the type of resource (e.g., CPU, memory, storage).
optional string resourceName = 1;
// RequestedByApp indicates the total amount of this resource requested by the application running on the host.
optional int64 requestedByApp = 2;
// RequestedByNeighbors indicates the total amount of this resource requested by other workloads on the same host.
optional int64 requestedByNeighbors = 3;
// Capacity represents the total available capacity of this resource on the host.
optional int64 capacity = 4;
}
// HydrateOperation contains information about the most recent hydrate operation
message HydrateOperation {
// StartedAt indicates when the hydrate operation started
optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time startedAt = 1;
// FinishedAt indicates when the hydrate operation finished
optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time finishedAt = 2;
// Phase indicates the status of the hydrate operation
optional string phase = 3;
// Message contains a message describing the current status of the hydrate operation
optional string message = 4;
// DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation
optional string drySHA = 5;
// HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation
optional string hydratedSHA = 6;
// SourceHydrator holds the hydrator config used for the hydrate operation
optional SourceHydrator sourceHydrator = 7;
}
// HydrateTo specifies a location to which hydrated manifests should be pushed as a "staging area" before being moved to
// the SyncSource. The RepoURL and Path are assumed based on the associated SyncSource config in the SourceHydrator.
message HydrateTo {
// TargetBranch is the branch to which hydrated manifests should be committed
optional string targetBranch = 1;
}
message Info {
optional string name = 1;
optional string value = 2;
}
// InfoItem contains arbitrary, human readable information about an application
message InfoItem {
// Name is a human readable title for this piece of information.
optional string name = 1;
// Value is human readable content.
optional string value = 2;
}
// JWTToken holds the issuedAt and expiresAt values of a token
message JWTToken {
optional int64 iat = 1;
optional int64 exp = 2;
optional string id = 3;
}
// JWTTokens represents a list of JWT tokens
message JWTTokens {
repeated JWTToken items = 1;
}
// JsonnetVar represents a variable to be passed to jsonnet during manifest generation
message JsonnetVar {
optional string name = 1;
optional string value = 2;
optional bool code = 3;
}
// KnownTypeField contains a mapping between a Custom Resource Definition (CRD) field
// and a well-known Kubernetes type. This mapping is primarily used for unit conversions
// in resources where the type is not explicitly defined (e.g., converting "0.1" to "100m" for CPU requests).
message KnownTypeField {
// Field represents the JSON path to the specific field in the CRD that requires type conversion.
// Example: "spec.resources.requests.cpu"
optional string field = 1;
// Type specifies the expected Kubernetes type for the field, such as "cpu" or "memory".
// This helps in converting values between different formats (e.g., "0.1" to "100m" for CPU).
optional string type = 2;
}
message KustomizeGvk {
optional string group = 1;
optional string version = 2;
optional string kind = 3;
}
// KustomizeOptions are options for kustomize to use when building manifests
message KustomizeOptions {
// BuildOptions is a string of build parameters to use when calling `kustomize build`
optional string buildOptions = 1;
// BinaryPath holds optional path to kustomize binary
//
// Deprecated: Use settings.Settings instead. See: settings.Settings.KustomizeVersions.
// If this field is set, it will be used as the Kustomize binary path.
// Otherwise, Versions is used.
optional string binaryPath = 2;
// Versions is a list of Kustomize versions and their corresponding binary paths and build options.
repeated KustomizeVersion versions = 3;
}
message KustomizePatch {
optional string path = 1;
optional string patch = 2;
optional KustomizeSelector target = 3;
map<string, bool> options = 4;
}
message KustomizeReplica {
// Name of Deployment or StatefulSet
optional string name = 1;
// Number of replicas
optional .k8s.io.apimachinery.pkg.util.intstr.IntOrString count = 2;
}
message KustomizeResId {
optional KustomizeGvk gvk = 1;
optional string name = 2;
optional string namespace = 3;
}
message KustomizeSelector {
optional KustomizeResId resId = 1;
optional string annotationSelector = 2;
optional string labelSelector = 3;
}
// KustomizeVersion holds information about additional Kustomize versions
message KustomizeVersion {
// Name holds Kustomize version name
optional string name = 1;
// Path holds the corresponding binary path
optional string path = 2;
// BuildOptions that are specific to a Kustomize version
optional string buildOptions = 3;
}
// ListGenerator include items info
message ListGenerator {
// +kubebuilder:validation:Optional
repeated .k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSON elements = 1;
optional ApplicationSetTemplate template = 2;
optional string elementsYaml = 3;
}
message ManagedNamespaceMetadata {
map<string, string> labels = 1;
map<string, string> annotations = 2;
}
// MatrixGenerator generates the cartesian product of two sets of parameters. The parameters are defined by two nested
// generators.
message MatrixGenerator {
repeated ApplicationSetNestedGenerator generators = 1;
optional ApplicationSetTemplate template = 2;
}
// MergeGenerator merges the output of two or more generators. Where the values for all specified merge keys are equal
// between two sets of generated parameters, the parameter sets will be merged with the parameters from the latter
// generator taking precedence. Parameter sets with merge keys not present in the base generator's params will be
// ignored.
// For example, if the first generator produced [{a: '1', b: '2'}, {c: '1', d: '1'}] and the second generator produced
// [{'a': 'override'}], the united parameters for merge keys = ['a'] would be
// [{a: 'override', b: '1'}, {c: '1', d: '1'}].
//
// MergeGenerator supports template overriding. If a MergeGenerator is one of multiple top-level generators, its
// template will be merged with the top-level generator before the parameters are applied.
message MergeGenerator {
repeated ApplicationSetNestedGenerator generators = 1;
repeated string mergeKeys = 2;
optional ApplicationSetTemplate template = 3;
}
// NestedMatrixGenerator is a MatrixGenerator nested under another combination-type generator (MatrixGenerator or
// MergeGenerator). NestedMatrixGenerator does not have an override template, because template overriding has no meaning
// within the constituent generators of combination-type generators.
//
// NOTE: Nested matrix generator is not included directly in the CRD struct, instead it is included
// as a generic 'apiextensionsv1.JSON' object, and then marshalled into a NestedMatrixGenerator
// when processed.
message NestedMatrixGenerator {
repeated ApplicationSetTerminalGenerator generators = 1;
}
// NestedMergeGenerator is a MergeGenerator nested under another combination-type generator (MatrixGenerator or
// MergeGenerator). NestedMergeGenerator does not have an override template, because template overriding has no meaning
// within the constituent generators of combination-type generators.
//
// NOTE: Nested merge generator is not included directly in the CRD struct, instead it is included
// as a generic 'apiextensionsv1.JSON' object, and then marshalled into a NestedMergeGenerator
// when processed.
message NestedMergeGenerator {
repeated ApplicationSetTerminalGenerator generators = 1;
repeated string mergeKeys = 2;
}
// OCIMetadata contains metadata for a specific revision in an OCI repository
message OCIMetadata {
optional string createdAt = 1;
optional string authors = 2;
optional string imageUrl = 3;
optional string docsUrl = 4;
optional string sourceUrl = 5;
optional string version = 6;
optional string description = 7;
}
// Operation contains information about a requested or running operation
message Operation {
// Sync contains parameters for the operation
optional SyncOperation sync = 1;
// InitiatedBy contains information about who initiated the operations
optional OperationInitiator initiatedBy = 2;
// Info is a list of informational items for this operation
repeated Info info = 3;
// Retry controls the strategy to apply if a sync fails
optional RetryStrategy retry = 4;
}
// OperationInitiator contains information about the initiator of an operation
message OperationInitiator {
// Username contains the name of a user who started operation
optional string username = 1;
// Automated is set to true if operation was initiated automatically by the application controller.
optional bool automated = 2;
}
// OperationState contains information about state of a running operation
message OperationState {
// Operation is the original requested operation
optional Operation operation = 1;
// Phase is the current phase of the operation
optional string phase = 2;
// Message holds any pertinent messages when attempting to perform operation (typically errors).
optional string message = 3;
// SyncResult is the result of a Sync operation
optional SyncOperationResult syncResult = 4;
// StartedAt contains time of operation start
optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time startedAt = 6;
// FinishedAt contains time of operation completion
optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time finishedAt = 7;
// RetryCount contains time of operation retries
optional int64 retryCount = 8;
}
message OptionalArray {
// Array is the value of an array type parameter.
// +optional
repeated string array = 1;
}
message OptionalMap {
// Map is the value of a map type parameter.
// +optional
map<string, string> map = 1;
}
// OrphanedResourceKey is a reference to a resource to be ignored from
message OrphanedResourceKey {
optional string group = 1;
optional string kind = 2;
optional string name = 3;
}
// OrphanedResourcesMonitorSettings holds settings of orphaned resources monitoring
message OrphanedResourcesMonitorSettings {
// Warn indicates if warning condition should be created for apps which have orphaned resources
optional bool warn = 1;
// Ignore contains a list of resources that are to be excluded from orphaned resources monitoring
repeated OrphanedResourceKey ignore = 2;
}
// OverrideIgnoreDiff contains configurations about how fields should be ignored during diffs between
// the desired state and live state
message OverrideIgnoreDiff {
// JSONPointers is a JSON path list following the format defined in RFC4627 (https://datatracker.ietf.org/doc/html/rfc6902#section-3)
repeated string jSONPointers = 1;
// JQPathExpressions is a JQ path list that will be evaludated during the diff process
repeated string jqPathExpressions = 2;
// ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
// desired state defined in the SCM and won't be displayed in diffs
repeated string managedFieldsManagers = 3;
}
message PluginConfigMapRef {
// Name of the ConfigMap
optional string name = 1;
}
// PluginGenerator defines connection info specific to Plugin.
message PluginGenerator {
optional PluginConfigMapRef configMapRef = 1;
optional PluginInput input = 2;
// RequeueAfterSeconds determines how long the ApplicationSet controller will wait before reconciling the ApplicationSet again.
optional int64 requeueAfterSeconds = 3;
optional ApplicationSetTemplate template = 4;
// Values contains key/value pairs which are passed directly as parameters to the template. These values will not be
// sent as parameters to the plugin.
map<string, string> values = 5;
}
message PluginInput {
// Parameters contains the information to pass to the plugin. It is a map. The keys must be strings, and the
// values can be any type.
map<string, .k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSON> parameters = 1;
}
// ProjectRole represents a role that has access to a project
message ProjectRole {
// Name is a name for this role
optional string name = 1;
// Description is a description of the role
optional string description = 2;
// Policies Stores a list of casbin formatted strings that define access policies for the role in the project
repeated string policies = 3;
// JWTTokens are a list of generated JWT tokens bound to this role
repeated JWTToken jwtTokens = 4;
// Groups are a list of OIDC group claims bound to this role
repeated string groups = 5;
}
// PullRequestGenerator defines a generator that scrapes a PullRequest API to find candidate pull requests.
message PullRequestGenerator {
// Which provider to use and config for it.
optional PullRequestGeneratorGithub github = 1;
optional PullRequestGeneratorGitLab gitlab = 2;
optional PullRequestGeneratorGitea gitea = 3;
optional PullRequestGeneratorBitbucketServer bitbucketServer = 4;
// Filters for which pull requests should be considered.
repeated PullRequestGeneratorFilter filters = 5;
// Standard parameters.
optional int64 requeueAfterSeconds = 6;
optional ApplicationSetTemplate template = 7;
optional PullRequestGeneratorBitbucket bitbucket = 8;
// Additional provider to use and config for it.
optional PullRequestGeneratorAzureDevOps azuredevops = 9;
// Values contains key/value pairs which are passed directly as parameters to the template
map<string, string> values = 10;
// ContinueOnRepoNotFoundError is a flag to continue the ApplicationSet Pull Request generator parameters generation even if the repository is not found.
optional bool continueOnRepoNotFoundError = 11;
}
// PullRequestGeneratorAzureDevOps defines connection info specific to AzureDevOps.
message PullRequestGeneratorAzureDevOps {
// Azure DevOps org to scan. Required.
optional string organization = 1;
// Azure DevOps project name to scan. Required.
optional string project = 2;
// Azure DevOps repo name to scan. Required.
optional string repo = 3;
// The Azure DevOps API URL to talk to. If blank, use https://dev.azure.com/.
optional string api = 4;
// Authentication token reference.
optional SecretRef tokenRef = 5;
// Labels is used to filter the PRs that you want to target
repeated string labels = 6;
}
// PullRequestGeneratorBitbucket defines connection info specific to Bitbucket.
message PullRequestGeneratorBitbucket {
// Workspace to scan. Required.
optional string owner = 1;
// Repo name to scan. Required.
optional string repo = 2;
// The Bitbucket REST API URL to talk to. If blank, uses https://api.bitbucket.org/2.0.
optional string api = 3;
// Credentials for Basic auth
optional BasicAuthBitbucketServer basicAuth = 4;
// Credentials for AppToken (Bearer auth)
optional BearerTokenBitbucketCloud bearerToken = 5;
}
// PullRequestGeneratorBitbucketServer defines connection info specific to BitbucketServer.
message PullRequestGeneratorBitbucketServer {
// Project to scan. Required.
optional string project = 1;
// Repo name to scan. Required.
optional string repo = 2;
// The Bitbucket REST API URL to talk to e.g. https://bitbucket.org/rest Required.
optional string api = 3;
// Credentials for Basic auth
optional BasicAuthBitbucketServer basicAuth = 4;
// Credentials for AccessToken (Bearer auth)
optional BearerTokenBitbucket bearerToken = 5;
// Allow self-signed TLS / Certificates; default: false
optional bool insecure = 6;
// ConfigMap key holding the trusted certificates
optional ConfigMapKeyRef caRef = 7;
}
// PullRequestGeneratorFilter is a single pull request filter.
// If multiple filter types are set on a single struct, they will be AND'd together. All filters must
// pass for a pull request to be included.
message PullRequestGeneratorFilter {
optional string branchMatch = 1;
optional string targetBranchMatch = 2;
optional string titleMatch = 3;
}
// PullRequestGeneratorGitLab defines connection info specific to GitLab.
message PullRequestGeneratorGitLab {
// GitLab project to scan. Required.
optional string project = 1;
// The GitLab API URL to talk to. If blank, uses https://gitlab.com/.
optional string api = 2;
// Authentication token reference.
optional SecretRef tokenRef = 3;
// Labels is used to filter the MRs that you want to target
repeated string labels = 4;
// PullRequestState is an additional MRs filter to get only those with a certain state. Default: "" (all states).
// Valid values: opened, closed, merged, locked".
optional string pullRequestState = 5;
// Skips validating the SCM provider's TLS certificate - useful for self-signed certificates.; default: false
optional bool insecure = 6;
// ConfigMap key holding the trusted certificates
optional ConfigMapKeyRef caRef = 7;
}
// PullRequestGeneratorGitea defines connection info specific to Gitea.
message PullRequestGeneratorGitea {
// Gitea org or user to scan. Required.
optional string owner = 1;
// Gitea repo name to scan. Required.
optional string repo = 2;
// The Gitea API URL to talk to. Required
optional string api = 3;
// Authentication token reference.
optional SecretRef tokenRef = 4;
// Allow insecure tls, for self-signed certificates; default: false.
optional bool insecure = 5;
// Labels is used to filter the PRs that you want to target
repeated string labels = 6;
}
// PullRequestGeneratorGithub defines connection info specific to GitHub.
message PullRequestGeneratorGithub {
// GitHub org or user to scan. Required.
optional string owner = 1;
// GitHub repo name to scan. Required.
optional string repo = 2;
// The GitHub API URL to talk to. If blank, use https://api.github.com/.
optional string api = 3;
// Authentication token reference.
optional SecretRef tokenRef = 4;
// AppSecretName is a reference to a GitHub App repo-creds secret with permission to access pull requests.
optional string appSecretName = 5;
// Labels is used to filter the PRs that you want to target
repeated string labels = 6;
}
message RefTarget {
optional Repository repo = 1;
optional string targetRevision = 2;
optional string chart = 3;
}
// RepoCreds holds the definition for repository credentials
message RepoCreds {
// URL is the URL to which these credentials match
optional string url = 1;
// Username for authenticating at the repo server
optional string username = 2;
// Password for authenticating at the repo server
optional string password = 3;
// SSHPrivateKey contains the private key data for authenticating at the repo server using SSH (only Git repos)
optional string sshPrivateKey = 4;
// TLSClientCertData specifies the TLS client cert data for authenticating at the repo server
optional string tlsClientCertData = 5;
// TLSClientCertKey specifies the TLS client cert key for authenticating at the repo server
optional string tlsClientCertKey = 6;
// GithubAppPrivateKey specifies the private key PEM data for authentication via GitHub app
optional string githubAppPrivateKey = 7;
// GithubAppId specifies the Github App ID of the app used to access the repo for GitHub app authentication
optional int64 githubAppID = 8;
// GithubAppInstallationId specifies the ID of the installed GitHub App for GitHub app authentication
optional int64 githubAppInstallationID = 9;
// GithubAppEnterpriseBaseURL specifies the GitHub API URL for GitHub app authentication. If empty will default to https://api.github.com
optional string githubAppEnterpriseBaseUrl = 10;
// EnableOCI specifies whether helm-oci support should be enabled for this repo
optional bool enableOCI = 11;
// Type specifies the type of the repoCreds. Can be either "git", "helm" or "oci". "git" is assumed if empty or absent.
optional string type = 12;
// GCPServiceAccountKey specifies the service account key in JSON format to be used for getting credentials to Google Cloud Source repos
optional string gcpServiceAccountKey = 13;
// Proxy specifies the HTTP/HTTPS proxy used to access repos at the repo server
optional string proxy = 19;
// ForceHttpBasicAuth specifies whether Argo CD should attempt to force basic auth for HTTP connections
optional bool forceHttpBasicAuth = 20;
// NoProxy specifies a list of targets where the proxy isn't used, applies only in cases where the proxy is applied
optional string noProxy = 23;
// UseAzureWorkloadIdentity specifies whether to use Azure Workload Identity for authentication
optional bool useAzureWorkloadIdentity = 24;
// BearerToken contains the bearer token used for Git BitBucket Data Center auth at the repo server
optional string bearerToken = 25;
// InsecureOCIForceHttp specifies whether the connection to the repository uses TLS at _all_. If true, no TLS. This flag is applicable for OCI repos only.
optional bool insecureOCIForceHttp = 26;
}
// RepositoryList is a collection of Repositories.
message RepoCredsList {
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
repeated RepoCreds items = 2;
}
// Repository is a repository holding application configurations
message Repository {
// Repo contains the URL to the remote repository
optional string repo = 1;
// Username contains the user name used for authenticating at the remote repository
optional string username = 2;
// Password contains the password or PAT used for authenticating at the remote repository
optional string password = 3;
// SSHPrivateKey contains the PEM data for authenticating at the repo server. Only used with Git repos.
optional string sshPrivateKey = 4;
// ConnectionState contains information about the current state of connection to the repository server
optional ConnectionState connectionState = 5;
// InsecureIgnoreHostKey should not be used anymore, Insecure is favoured
// Used only for Git repos
optional bool insecureIgnoreHostKey = 6;
// Insecure specifies whether the connection to the repository ignores any errors when verifying TLS certificates or SSH host keys
optional bool insecure = 7;
// EnableLFS specifies whether git-lfs support should be enabled for this repo. Only valid for Git repositories.
optional bool enableLfs = 8;
// TLSClientCertData contains a certificate in PEM format for authenticating at the repo server
optional string tlsClientCertData = 9;
// TLSClientCertKey contains a private key in PEM format for authenticating at the repo server
optional string tlsClientCertKey = 10;
// Type specifies the type of the repo. Can be either "git" or "helm. "git" is assumed if empty or absent.
optional string type = 11;
// Name specifies a name to be used for this repo. Only used with Helm repos
optional string name = 12;
// Whether credentials were inherited from a credential set
optional bool inheritedCreds = 13;
// EnableOCI specifies whether helm-oci support should be enabled for this repo
optional bool enableOCI = 14;
// Github App Private Key PEM data
optional string githubAppPrivateKey = 15;
// GithubAppId specifies the ID of the GitHub app used to access the repo
optional int64 githubAppID = 16;
// GithubAppInstallationId specifies the installation ID of the GitHub App used to access the repo
optional int64 githubAppInstallationID = 17;
// GithubAppEnterpriseBaseURL specifies the base URL of GitHub Enterprise installation. If empty will default to https://api.github.com
optional string githubAppEnterpriseBaseUrl = 18;
// Proxy specifies the HTTP/HTTPS proxy used to access the repo
optional string proxy = 19;
// Reference between project and repository that allows it to be automatically added as an item inside SourceRepos project entity
optional string project = 20;
// GCPServiceAccountKey specifies the service account key in JSON format to be used for getting credentials to Google Cloud Source repos
optional string gcpServiceAccountKey = 21;
// ForceHttpBasicAuth specifies whether Argo CD should attempt to force basic auth for HTTP connections
optional bool forceHttpBasicAuth = 22;
// NoProxy specifies a list of targets where the proxy isn't used, applies only in cases where the proxy is applied
optional string noProxy = 23;
// UseAzureWorkloadIdentity specifies whether to use Azure Workload Identity for authentication
optional bool useAzureWorkloadIdentity = 24;
// BearerToken contains the bearer token used for Git BitBucket Data Center auth at the repo server
optional string bearerToken = 25;
// InsecureOCIForceHttp specifies whether the connection to the repository uses TLS at _all_. If true, no TLS. This flag is applicable for OCI repos only.
optional bool insecureOCIForceHttp = 26;
// Depth specifies the depth for shallow clones. A value of 0 or omitting the field indicates a full clone.
optional int64 depth = 27;
}
// A RepositoryCertificate is either SSH known hosts entry or TLS certificate
message RepositoryCertificate {
// ServerName specifies the DNS name of the server this certificate is intended for
optional string serverName = 1;
// CertType specifies the type of the certificate - currently one of "https" or "ssh"
optional string certType = 2;
// CertSubType specifies the sub type of the cert, i.e. "ssh-rsa"
optional string certSubType = 3;
// CertData contains the actual certificate data, dependent on the certificate type
optional bytes certData = 4;
// CertInfo will hold additional certificate info, depdendent on the certificate type (e.g. SSH fingerprint, X509 CommonName)
optional string certInfo = 5;
}
// RepositoryCertificateList is a collection of RepositoryCertificates
message RepositoryCertificateList {
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
// List of certificates to be processed
repeated RepositoryCertificate items = 2;
}
// RepositoryList is a collection of Repositories.
message RepositoryList {
optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;
repeated Repository items = 2;
}
// ResourceAction represents an individual action that can be performed on a resource.
// It includes parameters, an optional disabled flag, an icon for display, and a name for the action.
message ResourceAction {
// Name is the name or identifier for the action.
optional string name = 1;
// Params contains the parameters required to execute the action.
repeated ResourceActionParam params = 2;
// Disabled indicates whether the action is disabled.
optional bool disabled = 3;
// IconClass specifies the CSS class for the action's icon.
optional string iconClass = 4;
// DisplayName provides a user-friendly name for the action.
optional string displayName = 5;
}
// ResourceActionDefinition defines an individual action that can be executed on a resource.
// It includes a name for the action and a Lua script that defines the action's behavior.
message ResourceActionDefinition {
// Name is the identifier for the action.
optional string name = 1;
// ActionLua contains the Lua script that defines the behavior of the action.
optional string actionLua = 2;
}
// ResourceActionParam represents a parameter for a resource action.
// It includes a name, value, type, and an optional default value for the parameter.
message ResourceActionParam {
// Name is the name of the parameter.
optional string name = 1;
}
// ResourceActions holds the set of actions that can be applied to a resource.
// It defines custom Lua scripts for discovery and action execution, as well as options
// for merging built-in actions with custom ones.
message ResourceActions {
// ActionDiscoveryLua contains a Lua script for discovering actions.
optional string actionDiscoveryLua = 1;
// Definitions holds the list of action definitions available for the resource.
repeated ResourceActionDefinition definitions = 2;
// MergeBuiltinActions indicates whether built-in actions should be merged with custom actions.
optional bool mergeBuiltinActions = 3;
}
// ResourceDiff holds the diff between a live and target resource object in Argo CD.
// It is used to compare the desired state (from Git/Helm) with the actual state in the cluster.
message ResourceDiff {
// Group represents the API group of the resource (e.g., "apps" for Deployments).
optional string group = 1;
// Kind represents the Kubernetes resource kind (e.g., "Deployment", "Service").
optional string kind = 2;
// Namespace specifies the namespace where the resource exists.
optional string namespace = 3;
// Name is the name of the resource.
optional string name = 4;
// TargetState contains the JSON-serialized resource manifest as defined in the Git/Helm repository.
optional string targetState = 5;
// LiveState contains the JSON-serialized resource manifest of the resource currently running in the cluster.
optional string liveState = 6;
// Diff contains the JSON patch representing the difference between the live and target resource.
//
// Deprecated: Use NormalizedLiveState and PredictedLiveState instead to compute differences.
optional string diff = 7;
// Hook indicates whether this resource is a hook resource (e.g., pre-sync or post-sync hooks).
optional bool hook = 8;
// NormalizedLiveState contains the JSON-serialized live resource state after applying normalizations.
// Normalizations may include ignoring irrelevant fields like timestamps or defaults applied by Kubernetes.
optional string normalizedLiveState = 9;
// PredictedLiveState contains the JSON-serialized resource state that Argo CD predicts based on the
// combination of the normalized live state and the desired target state.
optional string predictedLiveState = 10;
// ResourceVersion is the Kubernetes resource version, which helps in tracking changes.
optional string resourceVersion = 11;
// Modified indicates whether the live resource has changes compared to the target resource.
optional bool modified = 12;
}
// ResourceIgnoreDifferences contains resource filter and list of json paths which should be ignored during comparison with live state.
message ResourceIgnoreDifferences {
optional string group = 1;
optional string kind = 2;
optional string name = 3;
optional string namespace = 4;
repeated string jsonPointers = 5;
repeated string jqPathExpressions = 6;
// ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the
// desired state defined in the SCM and won't be displayed in diffs
repeated string managedFieldsManagers = 7;
}
// ResourceNetworkingInfo holds networking-related information for a resource.
message ResourceNetworkingInfo {
// TargetLabels represents labels associated with the target resources that this resource communicates with.
map<string, string> targetLabels = 1;
// TargetRefs contains references to other resources that this resource interacts with, such as Services or Pods.
repeated ResourceRef targetRefs = 2;
// Labels holds the labels associated with this networking resource.
map<string, string> labels = 3;
// Ingress provides information about external access points (e.g., load balancer ingress) for this resource.
repeated .k8s.io.api.core.v1.LoadBalancerIngress ingress = 4;
// ExternalURLs holds a list of URLs that should be accessible externally.
// This field is typically populated for Ingress resources based on their hostname rules.
repeated string externalURLs = 5;
}
// ResourceNode contains information about a live Kubernetes resource and its relationships with other resources.
message ResourceNode {
// ResourceRef uniquely identifies the resource using its group, kind, namespace, and name.
optional ResourceRef resourceRef = 1;
// ParentRefs lists the parent resources that reference this resource.
// This helps in understanding ownership and hierarchical relationships.
repeated ResourceRef parentRefs = 2;
// Info provides additional metadata or annotations about the resource.
repeated InfoItem info = 3;
// NetworkingInfo contains details about the resource's networking attributes,
// such as ingress information and external URLs.
optional ResourceNetworkingInfo networkingInfo = 4;
// ResourceVersion indicates the version of the resource, used to track changes.
optional string resourceVersion = 5;
// Images lists container images associated with the resource.
// This is primarily useful for pods and other workload resources.
repeated string images = 6;
// Health represents the health status of the resource (e.g., Healthy, Degraded, Progressing).
optional HealthStatus health = 7;
// CreatedAt records the timestamp when the resource was created.
optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time createdAt = 8;
}
// ResourceOverride holds configuration to customize resource diffing and health assessment
message ResourceOverride {
// HealthLua contains a Lua script that defines custom health checks for the resource.
optional string healthLua = 1;
// UseOpenLibs indicates whether to use open-source libraries for the resource.
optional bool useOpenLibs = 5;
// Actions defines the set of actions that can be performed on the resource, as a Lua script.
optional string actions = 3;
// IgnoreDifferences contains configuration for which differences should be ignored during the resource diffing.
optional OverrideIgnoreDiff ignoreDifferences = 2;
// IgnoreResourceUpdates holds configuration for ignoring updates to specific resource fields.
optional OverrideIgnoreDiff ignoreResourceUpdates = 6;
// KnownTypeFields lists fields for which unit conversions should be applied.
repeated KnownTypeField knownTypeFields = 4;
}
// ResourceRef includes fields which uniquely identify a resource
message ResourceRef {
optional string group = 1;
optional string version = 2;
optional string kind = 3;
optional string namespace = 4;
optional string name = 5;
optional string uid = 6;
}
// ResourceResult holds the operation result details of a specific resource
message ResourceResult {
// Group specifies the API group of the resource
optional string group = 1;
// Version specifies the API version of the resource
optional string version = 2;
// Kind specifies the API kind of the resource
optional string kind = 3;
// Namespace specifies the target namespace of the resource
optional string namespace = 4;
// Name specifies the name of the resource
optional string name = 5;
// Status holds the final result of the sync. Will be empty if the resources is yet to be applied/pruned and is always zero-value for hooks
optional string status = 6;
// Message contains an informational or error message for the last sync OR operation
optional string message = 7;
// HookType specifies the type of the hook. Empty for non-hook resources
optional string hookType = 8;
// HookPhase contains the state of any operation associated with this resource OR hook
// This can also contain values for non-hook resources.
optional string hookPhase = 9;
// SyncPhase indicates the particular phase of the sync that this result was acquired in
optional string syncPhase = 10;
// Images contains the images related to the ResourceResult
repeated string images = 11;
}
// ResourceStatus holds the current synchronization and health status of a Kubernetes resource.
message ResourceStatus {
// Group represents the API group of the resource (e.g., "apps" for Deployments).
optional string group = 1;
// Version indicates the API version of the resource (e.g., "v1", "v1beta1").
optional string version = 2;
// Kind specifies the type of the resource (e.g., "Deployment", "Service").
optional string kind = 3;
// Namespace defines the Kubernetes namespace where the resource is located.
optional string namespace = 4;
// Name is the unique name of the resource within the namespace.
optional string name = 5;
// Status represents the synchronization state of the resource (e.g., Synced, OutOfSync).
optional string status = 6;
// Health indicates the health status of the resource (e.g., Healthy, Degraded, Progressing).
optional HealthStatus health = 7;
// Hook is true if the resource is used as a lifecycle hook in an Argo CD application.
optional bool hook = 8;
// RequiresPruning is true if the resource needs to be pruned (deleted) as part of synchronization.
optional bool requiresPruning = 9;
// SyncWave determines the order in which resources are applied during a sync operation.
// Lower values are applied first.
optional int64 syncWave = 10;
// RequiresDeletionConfirmation is true if the resource requires explicit user confirmation before deletion.
optional bool requiresDeletionConfirmation = 11;
}
// RetryStrategy contains information about the strategy to apply when a sync failed
message RetryStrategy {
// Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed.
optional int64 limit = 1;
// Backoff controls how to backoff on subsequent retries of failed syncs
optional Backoff backoff = 2;
// Refresh indicates if the latest revision should be used on retry instead of the initial one (default: false)
optional bool refresh = 3;
}
// RevisionHistory contains history information about a previous sync
message RevisionHistory {
// Revision holds the revision the sync was performed against
optional string revision = 2;
// DeployedAt holds the time the sync operation completed
optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time deployedAt = 4;
// ID is an auto incrementing identifier of the RevisionHistory
optional int64 id = 5;
// Source is a reference to the application source used for the sync operation
optional ApplicationSource source = 6;
// DeployStartedAt holds the time the sync operation started
optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time deployStartedAt = 7;
// Sources is a reference to the application sources used for the sync operation
repeated ApplicationSource sources = 8;
// Revisions holds the revision of each source in sources field the sync was performed against
repeated string revisions = 9;
// InitiatedBy contains information about who initiated the operations
optional OperationInitiator initiatedBy = 10;
}
// RevisionMetadata contains metadata for a specific revision in a Git repository. This field is used by the
// Source Hydrator feature which may be removed in the future.
message RevisionMetadata {
// who authored this revision,
// typically their name and email, e.g. "John Doe <john_doe@my-company.com>",
// but might not match this example
optional string author = 1;
// Date specifies when the revision was authored
optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time date = 2;
// Tags specifies any tags currently attached to the revision
// Floating tags can move from one revision to another
repeated string tags = 3;
// Message contains the message associated with the revision, most likely the commit message.
optional string message = 4;
// SignatureInfo contains a hint on the signer if the revision was signed with GPG, and signature verification is enabled.
optional string signatureInfo = 5;
// References contains references to information that's related to this commit in some way.
repeated RevisionReference references = 6;
}
// RevisionReference contains a reference to a some information that is related in some way to another commit. For now,
// it supports only references to a commit. In the future, it may support other types of references.
message RevisionReference {
// Commit contains metadata about the commit that is related in some way to another commit.
optional CommitMetadata commit = 1;
}
// SCMProviderGenerator defines a generator that scrapes a SCMaaS API to find candidate repos.
message SCMProviderGenerator {
// Which provider to use and config for it.
optional SCMProviderGeneratorGithub github = 1;
optional SCMProviderGeneratorGitlab gitlab = 2;
optional SCMProviderGeneratorBitbucket bitbucket = 3;
optional SCMProviderGeneratorBitbucketServer bitbucketServer = 4;
optional SCMProviderGeneratorGitea gitea = 5;
optional SCMProviderGeneratorAzureDevOps azureDevOps = 6;
// Filters for which repos should be considered.
repeated SCMProviderGeneratorFilter filters = 7;
// Which protocol to use for the SCM URL. Default is provider-specific but ssh if possible. Not all providers
// necessarily support all protocols.
optional string cloneProtocol = 8;
// Standard parameters.
optional int64 requeueAfterSeconds = 9;
optional ApplicationSetTemplate template = 10;
// Values contains key/value pairs which are passed directly as parameters to the template
map<string, string> values = 11;
optional SCMProviderGeneratorAWSCodeCommit awsCodeCommit = 12;
}
// SCMProviderGeneratorAWSCodeCommit defines connection info specific to AWS CodeCommit.
message SCMProviderGeneratorAWSCodeCommit {
// TagFilters provides the tag filter(s) for repo discovery
repeated TagFilter tagFilters = 1;
// Role provides the AWS IAM role to assume, for cross-account repo discovery
// if not provided, AppSet controller will use its pod/node identity to discover.
optional string role = 2;
// Region provides the AWS region to discover repos.
// if not provided, AppSet controller will infer the current region from environment.
optional string region = 3;
// Scan all branches instead of just the default branch.
optional bool allBranches = 4;
}
// SCMProviderGeneratorAzureDevOps defines connection info specific to Azure DevOps.
message SCMProviderGeneratorAzureDevOps {
// Azure Devops organization. Required. E.g. "my-organization".
optional string organization = 5;
// The URL to Azure DevOps. If blank, use https://dev.azure.com.
optional string api = 6;
// Azure Devops team project. Required. E.g. "my-team".
optional string teamProject = 7;
// The Personal Access Token (PAT) to use when connecting. Required.
optional SecretRef accessTokenRef = 8;
// Scan all branches instead of just the default branch.
optional bool allBranches = 9;
}
// SCMProviderGeneratorBitbucket defines connection info specific to Bitbucket Cloud (API version 2).
message SCMProviderGeneratorBitbucket {
// Bitbucket workspace to scan. Required.
optional string owner = 1;
// Bitbucket user to use when authenticating. Should have a "member" role to be able to read all repositories and branches. Required
optional string user = 2;
// The app password to use for the user. Required. See: https://support.atlassian.com/bitbucket-cloud/docs/app-passwords/
optional SecretRef appPasswordRef = 3;
// Scan all branches instead of just the main branch.
optional bool allBranches = 4;
}
// SCMProviderGeneratorBitbucketServer defines connection info specific to Bitbucket Server.
message SCMProviderGeneratorBitbucketServer {
// Project to scan. Required.
optional string project = 1;
// The Bitbucket Server REST API URL to talk to. Required.
optional string api = 2;
// Credentials for Basic auth
optional BasicAuthBitbucketServer basicAuth = 3;
// Scan all branches instead of just the default branch.
optional bool allBranches = 4;
// Credentials for AccessToken (Bearer auth)
optional BearerTokenBitbucket bearerToken = 5;
// Allow self-signed TLS / Certificates; default: false
optional bool insecure = 6;
// ConfigMap key holding the trusted certificates
optional ConfigMapKeyRef caRef = 7;
}
// SCMProviderGeneratorFilter is a single repository filter.
// If multiple filter types are set on a single struct, they will be AND'd together. All filters must
// pass for a repo to be included.
message SCMProviderGeneratorFilter {
// A regex for repo names.
optional string repositoryMatch = 1;
// An array of paths, all of which must exist.
repeated string pathsExist = 2;
// An array of paths, all of which must not exist.
repeated string pathsDoNotExist = 3;
// A regex which must match at least one label.
optional string labelMatch = 4;
// A regex which must match the branch name.
optional string branchMatch = 5;
}
// SCMProviderGeneratorGitea defines a connection info specific to Gitea.
message SCMProviderGeneratorGitea {
// Gitea organization or user to scan. Required.
optional string owner = 1;
// The Gitea URL to talk to. For example https://gitea.mydomain.com/.
optional string api = 2;
// Authentication token reference.
optional SecretRef tokenRef = 3;
// Scan all branches instead of just the default branch.
optional bool allBranches = 4;
// Allow self-signed TLS / Certificates; default: false
optional bool insecure = 5;
}
// SCMProviderGeneratorGithub defines connection info specific to GitHub.
message SCMProviderGeneratorGithub {
// GitHub org to scan. Required.
optional string organization = 1;
// The GitHub API URL to talk to. If blank, use https://api.github.com/.
optional string api = 2;
// Authentication token reference.
optional SecretRef tokenRef = 3;
// AppSecretName is a reference to a GitHub App repo-creds secret.
optional string appSecretName = 4;
// Scan all branches instead of just the default branch.
optional bool allBranches = 5;
}
// SCMProviderGeneratorGitlab defines connection info specific to Gitlab.
message SCMProviderGeneratorGitlab {
// Gitlab group to scan. Required. You can use either the project id (recommended) or the full namespaced path.
optional string group = 1;
// Recurse through subgroups (true) or scan only the base group (false). Defaults to "false"
optional bool includeSubgroups = 2;
// The Gitlab API URL to talk to.
optional string api = 3;
// Authentication token reference.
optional SecretRef tokenRef = 4;
// Scan all branches instead of just the default branch.
optional bool allBranches = 5;
// Skips validating the SCM provider's TLS certificate - useful for self-signed certificates.; default: false
optional bool insecure = 6;
// When recursing through subgroups, also include shared Projects (true) or scan only the subgroups under same path (false). Defaults to "true"
optional bool includeSharedProjects = 7;
// Filter repos list based on Gitlab Topic.
optional string topic = 8;
// ConfigMap key holding the trusted certificates
optional ConfigMapKeyRef caRef = 9;
}
// SecretRef struct for a reference to a secret key.
message SecretRef {
optional string secretName = 1;
optional string key = 2;
}
// SignatureKey is the specification of a key required to verify commit signatures with
message SignatureKey {
// The ID of the key in hexadecimal notation
optional string keyID = 1;
}
// SourceHydrator specifies a dry "don't repeat yourself" source for manifests, a sync source from which to sync
// hydrated manifests, and an optional hydrateTo location to act as a "staging" aread for hydrated manifests.
message SourceHydrator {
// DrySource specifies where the dry "don't repeat yourself" manifest source lives.
optional DrySource drySource = 1;
// SyncSource specifies where to sync hydrated manifests from.
optional SyncSource syncSource = 2;
// HydrateTo specifies an optional "staging" location to push hydrated manifests to. An external system would then
// have to move manifests to the SyncSource, e.g. by pull request.
optional HydrateTo hydrateTo = 3;
}
// SourceHydratorStatus contains information about the current state of source hydration
message SourceHydratorStatus {
// LastSuccessfulOperation holds info about the most recent successful hydration
optional SuccessfulHydrateOperation lastSuccessfulOperation = 1;
// CurrentOperation holds the status of the hydrate operation
optional HydrateOperation currentOperation = 2;
}
// SuccessfulHydrateOperation contains information about the most recent successful hydrate operation
message SuccessfulHydrateOperation {
// DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation
optional string drySHA = 5;
// HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation
optional string hydratedSHA = 6;
// SourceHydrator holds the hydrator config used for the hydrate operation
optional SourceHydrator sourceHydrator = 7;
}
// SyncOperation contains details about a sync operation.
message SyncOperation {
// Revision is the revision (Git) or chart version (Helm) which to sync the application to
// If omitted, will use the revision specified in app spec.
optional string revision = 1;
// Prune specifies to delete resources from the cluster that are no longer tracked in git
optional bool prune = 2;
// DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync
optional bool dryRun = 3;
// SyncStrategy describes how to perform the sync
optional SyncStrategy syncStrategy = 4;
// Resources describes which resources shall be part of the sync
repeated SyncOperationResource resources = 6;
// Source overrides the source definition set in the application.
// This is typically set in a Rollback operation and is nil during a Sync operation
optional ApplicationSource source = 7;
// Manifests is an optional field that overrides sync source with a local directory for development
repeated string manifests = 8;
// SyncOptions provide per-sync sync-options, e.g. Validate=false
repeated string syncOptions = 9;
// Sources overrides the source definition set in the application.
// This is typically set in a Rollback operation and is nil during a Sync operation
repeated ApplicationSource sources = 10;
// Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to
// If omitted, will use the revision specified in app spec.
repeated string revisions = 11;
// SelfHealAttemptsCount contains the number of auto-heal attempts
optional int64 autoHealAttemptsCount = 12;
}
// SyncOperationResource contains resources to sync.
message SyncOperationResource {
optional string group = 1;
optional string kind = 2;
optional string name = 3;
optional string namespace = 4;
}
// SyncOperationResult represent result of sync operation
message SyncOperationResult {
// Resources contains a list of sync result items for each individual resource in a sync operation
repeated ResourceResult resources = 1;
// Revision holds the revision this sync operation was performed to
optional string revision = 2;
// Source records the application source information of the sync, used for comparing auto-sync
optional ApplicationSource source = 3;
// Source records the application source information of the sync, used for comparing auto-sync
repeated ApplicationSource sources = 4;
// Revisions holds the revision this sync operation was performed for respective indexed source in sources field
repeated string revisions = 5;
// ManagedNamespaceMetadata contains the current sync state of managed namespace metadata
optional ManagedNamespaceMetadata managedNamespaceMetadata = 6;
}
// SyncPolicy controls when a sync will be performed in response to updates in git
message SyncPolicy {
// Automated will keep an application synced to the target revision
optional SyncPolicyAutomated automated = 1;
// Options allow you to specify whole app sync-options
repeated string syncOptions = 2;
// Retry controls failed sync retry behavior
optional RetryStrategy retry = 3;
// ManagedNamespaceMetadata controls metadata in the given namespace (if CreateNamespace=true)
optional ManagedNamespaceMetadata managedNamespaceMetadata = 4;
}
// SyncPolicyAutomated controls the behavior of an automated sync
message SyncPolicyAutomated {
// Prune specifies whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync (default: false)
optional bool prune = 1;
// SelfHeal specifies whether to revert resources back to their desired state upon modification in the cluster (default: false)
optional bool selfHeal = 2;
// AllowEmpty allows apps have zero live resources (default: false)
optional bool allowEmpty = 3;
// Enable allows apps to explicitly control automated sync
optional bool enabled = 4;
}
// SyncSource specifies a location from which hydrated manifests may be synced. RepoURL is assumed based on the
// associated DrySource config in the SourceHydrator.
message SyncSource {
// TargetBranch is the branch from which hydrated manifests will be synced.
// If HydrateTo is not set, this is also the branch to which hydrated manifests are committed.
optional string targetBranch = 1;
// Path is a directory path within the git repository where hydrated manifests should be committed to and synced
// from. The Path should never point to the root of the repo. If hydrateTo is set, this is just the path from which
// hydrated manifests will be synced.
//
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:Pattern=`^.{2,}|[^./]$`
optional string path = 2;
}
// SyncStatus contains information about the currently observed live and desired states of an application
message SyncStatus {
// Status is the sync state of the comparison
optional string status = 1;
// ComparedTo contains information about what has been compared
optional ComparedTo comparedTo = 2;
// Revision contains information about the revision the comparison has been performed to
optional string revision = 3;
// Revisions contains information about the revisions of multiple sources the comparison has been performed to
repeated string revisions = 4;
}
// SyncStrategy controls the manner in which a sync is performed
message SyncStrategy {
// Apply will perform a `kubectl apply` to perform the sync.
optional SyncStrategyApply apply = 1;
// Hook will submit any referenced resources to perform the sync. This is the default strategy
optional SyncStrategyHook hook = 2;
}
// SyncStrategyApply uses `kubectl apply` to perform the apply
message SyncStrategyApply {
// Force indicates whether or not to supply the --force flag to `kubectl apply`.
// The --force flag deletes and re-create the resource, when PATCH encounters conflict and has
// retried for 5 times.
optional bool force = 1;
}
// SyncStrategyHook will perform a sync using hooks annotations.
// If no hook annotation is specified falls back to `kubectl apply`.
message SyncStrategyHook {
// Embed SyncStrategyApply type to inherit any `apply` options
// +optional
optional SyncStrategyApply syncStrategyApply = 1;
}
// SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps
message SyncWindow {
// Kind defines if the window allows or blocks syncs
optional string kind = 1;
// Schedule is the time the window will begin, specified in cron format
optional string schedule = 2;
// Duration is the amount of time the sync window will be open
optional string duration = 3;
// Applications contains a list of applications that the window will apply to
repeated string applications = 4;
// Namespaces contains a list of namespaces that the window will apply to
repeated string namespaces = 5;
// Clusters contains a list of clusters that the window will apply to
repeated string clusters = 6;
// ManualSync enables manual syncs when they would otherwise be blocked
optional bool manualSync = 7;
// TimeZone of the sync that will be applied to the schedule
optional string timeZone = 8;
// UseAndOperator use AND operator for matching applications, namespaces and clusters instead of the default OR operator
optional bool andOperator = 9;
// Description of the sync that will be applied to the schedule, can be used to add any information such as a ticket number for example
optional string description = 10;
}
// TLSClientConfig contains settings to enable transport layer security
message TLSClientConfig {
// Insecure specifies that the server should be accessed without verifying the TLS certificate. For testing only.
optional bool insecure = 1;
// ServerName is passed to the server for SNI and is used in the client to check server
// certificates against. If ServerName is empty, the hostname used to contact the
// server is used.
optional string serverName = 2;
// CertData holds PEM-encoded bytes (typically read from a client certificate file).
// CertData takes precedence over CertFile
optional bytes certData = 3;
// KeyData holds PEM-encoded bytes (typically read from a client certificate key file).
// KeyData takes precedence over KeyFile
optional bytes keyData = 4;
// CAData holds PEM-encoded bytes (typically read from a root certificates bundle).
// CAData takes precedence over CAFile
optional bytes caData = 5;
}
message TagFilter {
optional string key = 1;
optional string value = 2;
}
Reference in New Issue View Git Blame Copy Permalink